Two Plus Two Forums Hacked

On Thursday, leading poker forum Twoplustwo had to temporarily close its forums thanks to an unknown hacker!

Twoplustwo has warned its members that the hacker (or hackers) has displayed the ability to access e-mail addresses and encrypted passwords. The hacker has also indicated the ability to decrypt passwords.

Twoplustwo management told its community members,

“While it is unclear the extent of data to which he gained access, e-mail addresses and passwords on the Two Plus Two forums should be considered compromised. If you have used your 2+2 password on any other site, you are advised to change it. For your security we are closing the forums until the breach is patched.”

Yikes! Let’s hope TwoPlusTwo can get to the bottom of this and get the issue resolved quickly. As of Friday, the popular poker forum was still down.

This has been the second time in months that TwoPlusTwo has been hacked. According to Calvin Ayre, “To assist in the forensic investigation, we helpfully offer the utterly unsubstantiated theory that the site was hacked by friends and/or accomplices of Phil Ivey and Howard Lederer. Rightly or wrongly, both men are perennial Two Plus Two whipping boys over their involvement with Full Tilt, and by chance both men made headlines independent of one another on Thursday.” Interesting theory.

Update, 4/27: TwoPlusTwo Issues Statement

“Given that this happened in spite of having applied all current security patches from the companies that provide our forum software, we are in the process of employing additional security experts to ensure that we are in compliance with the highest security measures possible.

At this point in time we anticipate forum downtime to be within 4-6 days.”

@Tito The Hacker I agree with the idea that any website can be compromised but I do not agree with the idea that passwords cannot be isolated because there exist a connection.

There exist a solution called The Sybil (http://thesibyl.net/) developed by spanish researchers that isolate passwords and protects the communications between the system and the “passwords database” with a secure cryptographic algorithm.